Combination of tc-bfifo and iptables doesnt work

Combination of tc-bfifo and iptables doesnt work

[Ηλια Χατζηστυλη]

Hello.
I have an openwrt firmware installed in my router and I want to  
configure a Home and a Guest interface.
So I have two internal interfaces(home,guest) and the external(eth1).  
First I have to send all traffic from the two internal interfaces to  
external(eth1) so that I can use one qdisc with classes which can  
borrow rate from each other. Subsequently, I want to use the Tc-prio  
tool to apply priority queuing and then I also want to limit the rate  
of the external qdisc(eth1), so I use tbf scheduler ,as shown below.  
It is very important for my project to define home and guest queues in  
bytes and not in packets so I want to use BFIFO in my 3 prioritized  
auto created classes and not pfifo_Fast and ifconfig method. So when I  
add the 3 last lines of code the two internal interfaces do not have  
network access, so I suppose that the iptables commands doesn't work  
any more. Is it possible for you to point the problem here?

Thank you in advance,
Chatzistyli Ilia

#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org

echo "Starting bandwidth shaping"
IPT=/usr/sbin/iptables
IF=eth1
#interface home user
IFHU=wlan0
#interface guest user
IFGU=wlan0-1
IP="$(ifconfig eth1 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' '  
-f 1)"    # IP eth1 Interface
IPHU\x192.168.5.1
IPGU\x192.168.3.1



$IPT -t filter -F
$IPT -t filter -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
$IPT -t raw -F
$IPT -t raw -X
# Default Policies fuer integrierte Ketten festlegen:

$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t filter -P INPUT ACCEPT
$IPT -t filter -P FORWARD ACCEPT
$IPT -t filter -P OUTPUT ACCEPT

#----------send wlan0-1 & wlan0 to eth1
         echo "iptables interface traffic redirect"
         iptables -t nat -A POSTROUTING --out-interface $IF -j MASQUERADE
         iptables -A FORWARD --in-interface $IFHU -j CLASSIFY --set-class 2:1
         iptables -A FORWARD --in-interface $IFGU -j CLASSIFY --set-class 2:2
         echo "end of iptables"
#--------------------------------------

#----------clean prev rules always-----
         echo "clearing old qdiscs"
         tc qdisc del dev $IF root
         echo "end of cleaning"

#----------------------u32 for up limit
         echo "tc-start"
         echo "qdisc"
         tc qdisc add dev $IF root handle 1: tbf rate 690kbit burst  
2750 limit 50000
         tc qdisc add dev $IF parent 1: handle 2: prio
         echo "class 1(home) 2(guest)"

#-------------------- This *instantly* creates classes 2:1, 2:2, 2:3

        tc qdisc add dev $IF parent 2:1 handle 10 bfifo limit 60
        tc qdisc add dev $IF parent 2:2 handle 20 bfifo limit 60
        tc qdisc add dev $IF parent 2:3 handle 30 bfifo limit 60
--

Re: Combination of tc-bfifo and iptables doesnt work

[Martin A. Brown]

Greetings,

> I have an openwrt firmware installed in my router and I want to configure a
> Home and a Guest interface.
> So I have two internal interfaces(home,guest) and the external(eth1). First I
> have to send all traffic from the two internal interfaces to external(eth1) so
> that I can use one qdisc with classes which can borrow rate from each other.
> Subsequently, I want to use the Tc-prio tool to apply priority queuing and then
> I also want to limit the rate of the external qdisc(eth1), so I use tbf
> scheduler ,as shown below. It is very important for my project to define home
> and guest queues in bytes and not in packets so I want to use BFIFO in my 3
> prioritized auto created classes and not pfifo_Fast and ifconfig method. So
> when I add the 3 last lines of code the two internal interfaces do not have
> network access, so I suppose that the iptables commands doesn't work any more.
> Is it possible for you to point the problem here?
>

[snip]

>      tc qdisc add dev $IF parent 2:1 handle 10 bfifo limit 60
>      tc qdisc add dev $IF parent 2:2 handle 20 bfifo limit 60
>      tc qdisc add dev $IF parent 2:3 handle 30 bfifo limit 60

I have not tried your configuration.

I observe that a bfifo limit of 60 is extremely low.

I'm uncertain of the correctness of my suspicion, but I think that 
60 bytes may be too small to allow any packet into the transmit 
queue.  I would think that the FIFO would not accept a packet larger 
than 60 bytes.  That would cause bfifo to drop most of your packets 
when trying to enqueue them, no?

Perhaps you could set the value to 1600 or 2000 (MTU + something) 
and try again?

It is unclear what resource in particular you are trying to conserve 
with the choice for bfifo.  I observe only that bfifo has no sense 
of time, so I find it a strange way to apply limiting.  (Other 
qdiscs like codel, fq_codel and htb include time as a component of 
their scheduling....)

Anyway, good luck,

-Martin

-- 
Martin A. Brown
http://linux-ip.net/

Re: Combination of tc-bfifo and iptables doesnt work

[Alan Goodman]

[snip]
>>       tc qdisc add dev $IF parent 2:1 handle 10 bfifo limit 60
>>       tc qdisc add dev $IF parent 2:2 handle 20 bfifo limit 60
>>       tc qdisc add dev $IF parent 2:3 handle 30 bfifo limit 60
> I have not tried your configuration.
>
> I observe that a bfifo limit of 60 is extremely low.

Can confirm; when bfifo queue size is less than the size of the data 
packet the data packet will not make it through; at least on Redhat kernels.

Alan